Applications

The Applications API allows you to programmatically manage Connect Applications and their associated client secrets.

WorkOS Connect supports two types of applications: OAuth and Machine-to-Machine M2M.

OAuth Applications

OAuth applications are designed for web, mobile, desktop, and CLI applications where a user needs to authenticate.

cURL

 {
  "object": "connect_application",
  "id": "app_01J9Q2Z3X4Y5W6V7U8T9S0R1Q",
  "client_id": "client_01J9Q2Z3X4Y5W6V7U8T9S0R1Q",
  "name": "My Application",
  "description": "Application description",
  "application_type": "oauth",
  "redirect_uris": [
    {
      "uri": "https://example.com/callback",
      "default": true
    }
  ],
  "uses_pkce": false,
  "is_first_party": true,
  "scopes": ["example-permission:read", "example-permission:write"],
  "created_at": "2024-01-15T12:30:00.000Z",
  "updated_at": "2024-01-15T12:30:00.000Z"
}

 {
  "object": "connect_application",
  "id": "app_01J9Q2Z3X4Y5W6V7U8T9S0R1Q",
  "client_id": "client_01J9Q2Z3X4Y5W6V7U8T9S0R1Q",
  "name": "My Application",
  "description": "Application description",
  "application_type": "oauth",
  "redirect_uris": [
    {
      "uri": "https://example.com/callback",
      "default": true
    }
  ],
  "uses_pkce": false,
  "is_first_party": false,
  "was_dynamically_registered": false,
  "organization_id": "org_01J9Q2Z3X4Y5W6V7U8T9S0R1Q",
  "scopes": ["example-permission:read", "example-permission:write"],
  "created_at": "2024-01-15T12:30:00.000Z",
  "updated_at": "2024-01-15T12:30:00.000Z"
}

 {
  "object": "connect_application",
  "id": "app_01J9Q2Z3X4Y5W6V7U8T9S0R1Q",
  "client_id": "client_01J9Q2Z3X4Y5W6V7U8T9S0R1Q",
  "name": "My Application",
  "description": "Application description",
  "application_type": "oauth",
  "redirect_uris": [
    {
      "uri": "https://example.com/callback",
      "default": true
    }
  ],
  "uses_pkce": false,
  "is_first_party": false,
  "was_dynamically_registered": true,
  "scopes": [],
  "created_at": "2024-01-15T12:30:00.000Z",
  "updated_at": "2024-01-15T12:30:00.000Z"
}

`OAuth Application`

Machine-to-Machine Applications

M2M applications are designed for server-to-server authentication without user interaction.

M2M Application Example

cURL

 {
  "object": "connect_application",
  "id": "app_01J9Q2Z3X4Y5W6V7U8T9S0R1Q",
  "client_id": "client_01J9Q2Z3X4Y5W6V7U8T9S0R1Q",
  "name": "Backend Service",
  "description": "Machine-to-machine application for API access",
  "application_type": "m2m",
  "organization_id": "org_01J9Q2Z3X4Y5W6V7U8T9S0R1Q",
  "scopes": ["api:read", "api:write", "api:admin"],
  "created_at": "2024-01-15T12:30:00.000Z",
  "updated_at": "2024-01-15T12:30:00.000Z"
}

`M2M Application`

Get a Connect Application

Retrieve details for a specific Connect Application by ID or client ID.

cURL

 curl "https://api.workos.com/connect/applications/conn_app_01HXYZ123456789ABCDEFGHIJ" \
  --header "Authorization: Bearer sk_example_123456789"

 {
  "application_type": "oauth",
  "redirect_uris": [
    {
      "uri": "https://example.com/callback",
      "default": true
    }
  ],
  "uses_pkce": true,
  "is_first_party": true,
  "object": "connect_application",
  "id": "conn_app_01HXYZ123456789ABCDEFGHIJ",
  "client_id": "client_01HXYZ123456789ABCDEFGHIJ",
  "description": "An application for managing user access",
  "name": "My Application",
  "scopes": [
    "openid",
    "profile",
    "email"
  ],
  "created_at": "2026-01-15T12:00:00.000Z",
  "updated_at": "2026-01-15T12:00:00.000Z"
}

GET

`/connect/applications/:id`

`Parameters`

`Returns`

List Connect Applications

List all Connect Applications in the current environment with optional filtering.

cURL

 curl "https://api.workos.com/connect/applications" \
  --header "Authorization: Bearer sk_example_123456789"

 {
  "object": "list",
  "data": [
    {
      "application_type": "oauth",
      "redirect_uris": [
        {
          "uri": "https://example.com/callback",
          "default": true
        }
      ],
      "uses_pkce": true,
      "is_first_party": true,
      "object": "connect_application",
      "id": "conn_app_01HXYZ123456789ABCDEFGHIJ",
      "client_id": "client_01HXYZ123456789ABCDEFGHIJ",
      "description": "An application for managing user access",
      "name": "My Application",
      "scopes": [
        "openid",
        "profile",
        "email"
      ],
      "created_at": "2026-01-15T12:00:00.000Z",
      "updated_at": "2026-01-15T12:00:00.000Z"
    }
  ],
  "list_metadata": {
    "before": "conn_app_01HXYZ123456789ABCDEFGHIJ",
    "after": "conn_app_01HXYZ987654321KJIHGFEDCBA"
  }
}

GET

`/connect/applications`

`Parameters`

`Returns` `object`

Create a Connect Application

Create a new Connect Application. Supports both OAuth and Machine-to-Machine (M2M) application types.

cURL

 curl -X POST https://api.workos.com/connect/applications \
  --header "Authorization: Bearer sk_example_123456789" \
  --header "Content-Type: application/json" \
  --data '{
    "name": "My OAuth App",
    "application_type": "oauth",
    "description": "Customer-facing OAuth application",
    "redirect_uris": [
      {
        "uri": "https://example.com/callback",
        "default": true
      }
    ],
    "uses_pkce": false,
    "is_first_party": false,
    "organization_id": "org_01J9Q2Z3X4Y5W6V7U8T9S0R1Q",
    "scopes": ["example-permission:write"]
  }'

 curl -X POST https://api.workos.com/connect/applications \
  --header "Authorization: Bearer sk_example_123456789" \
  --header "Content-Type: application/json" \
  --data '{
    "name": "My M2M App",
    "application_type": "m2m",
    "description": "Backend service application",
    "organization_id": "org_01J9Q2Z3X4Y5W6V7U8T9S0R1Q",
    "scopes": ["api:read", "api:write"]
  }'

 {
  "application_type": "oauth",
  "redirect_uris": [
    {
      "uri": "https://example.com/callback",
      "default": true
    }
  ],
  "uses_pkce": true,
  "is_first_party": true,
  "object": "connect_application",
  "id": "conn_app_01HXYZ123456789ABCDEFGHIJ",
  "client_id": "client_01HXYZ123456789ABCDEFGHIJ",
  "description": "An application for managing user access",
  "name": "My Application",
  "scopes": [
    "openid",
    "profile",
    "email"
  ],
  "created_at": "2026-01-15T12:00:00.000Z",
  "updated_at": "2026-01-15T12:00:00.000Z"
}

POST

`/connect/applications`

`Returns`

Update a Connect Application

Update an existing Connect Application. For OAuth applications, you can update redirect URIs. For all applications, you can update the name, description, and scopes.

cURL

 curl --request PUT \
  --url "https://api.workos.com/connect/applications/conn_app_01HXYZ123456789ABCDEFGHIJ" \
  --header "Authorization: Bearer sk_example_123456789" \
  --header "Content-Type: application/json" \
  -d @- <<'BODY'
    {
        "name": "My Application",
        "description": "An application for managing user access",
        "scopes": [
            "openid",
            "profile",
            "email"
        ],
        "redirect_uris": [
            {
                "uri": "https://example.com/callback",
                "default": true
            }
        ]
    }
BODY

 {
  "application_type": "oauth",
  "redirect_uris": [
    {
      "uri": "https://example.com/callback",
      "default": true
    }
  ],
  "uses_pkce": true,
  "is_first_party": true,
  "object": "connect_application",
  "id": "conn_app_01HXYZ123456789ABCDEFGHIJ",
  "client_id": "client_01HXYZ123456789ABCDEFGHIJ",
  "description": "An application for managing user access",
  "name": "My Application",
  "scopes": [
    "openid",
    "profile",
    "email"
  ],
  "created_at": "2026-01-15T12:00:00.000Z",
  "updated_at": "2026-01-15T12:00:00.000Z"
}

PUT

`/connect/applications/:id`

`Parameters`

`Returns`

Delete a Connect Application

Delete an existing Connect Application.

Request

cURL

 curl -X DELETE https://api.workos.com/connect/applications/app_01J9Q2Z3X4Y5W6V7U8T9S0R1Q \
  --header "Authorization: Bearer sk_example_123456789"

 require "workos"

WorkOS.configure do |config|
  config.api_key = "sk_example_123456789"
end

WorkOS.client.connect.delete_application(id: "conn_app_01HXYZ123456789ABCDEFGHIJ")

 from workos import WorkOSClient

client = WorkOSClient(api_key="sk_example_123456789", client_id="client_123456789")

client.connect.delete_application(id_="conn_app_01HXYZ123456789ABCDEFGHIJ")

 package main

import (
	"context"

	"github.com/workos/workos-go/v9"
)

func main() {
	client := workos.NewClient("sk_example_123456789")

	_, err := client.Connect().DeleteApplication(context.Background(), "conn_app_01HXYZ123456789ABCDEFGHIJ")
	if err != nil {
		panic(err)
	}
}

 <?php

use WorkOS\WorkOS;

$workos = new WorkOS(
    apiKey: "sk_example_123456789",
    clientId: "client_123456789",
);

$workos->connect()->deleteApplication(id: "conn_app_01HXYZ123456789ABCDEFGHIJ");

 import com.workos.WorkOS;

WorkOS workos = new WorkOS("sk_example_123456789");

workos.connect.deleteApplication("conn_app_01HXYZ123456789ABCDEFGHIJ");

 using WorkOS;

var client = new WorkOSClient(new WorkOSOptions {
    ApiKey = "sk_example_123456789",
    ClientId = "client_123456789",
});

await client.Connect.DeleteApplicationAsync("conn_app_01HXYZ123456789ABCDEFGHIJ");

 use workos::Client;

#[tokio::main]
async fn main() -> Result<(), workos::Error> {
    let client = Client::builder()
        .api_key("sk_example_123456789")
        .client_id("client_123456789")
        .build();

    let _result = client
        .connect()
        .delete_application("conn_app_01HXYZ123456789ABCDEFGHIJ")
        .await?;

    Ok(())
}

DELETE

`/connect/applications/:id`

`Parameters`

`Returns`

Client secrets Continue to the next section

Up next

Applications

OAuth Applications

OAuth Application

object: "connect_application"

id: string

client_id: string

name: string

description?: string

application_type: "oauth"

redirect_uris: array

uses_pkce: boolean

is_first_party: boolean

was_dynamically_registered?: boolean

organization_id?: string

scopes: string[]

created_at: string

updated_at: string

Machine-to-Machine Applications

M2M Application

object: "connect_application"

id: string

client_id: string

name: string

description?: string

application_type: "m2m"

organization_id: string

scopes: string[]

created_at: string

updated_at: string

Get a Connect Application

/connect/applications/:id

Parameters

id: string

Returns

connect_application: object

List Connect Applications

/connect/applications

Parameters

before?: string

after?: string

limit?: integer

order?: "normal" | "desc" | "asc"

registration_types?: ("dynamic" | "authenticated")[]

organization_id?: string

Returns object

object: "list"

data: object[]

list_metadata: object

Create a Connect Application

/connect/applications

name: string

application_type: "oauth" | "m2m"

description?: string

scopes?: string[]

redirect_uris?: object[]

uses_pkce?: boolean

is_first_party: boolean

organization_id?: string

Returns

connect_application: object

Update a Connect Application

/connect/applications/:id

name?: string

description?: string

scopes?: string[]

redirect_uris?: object[]

Parameters

id: string

Returns

connect_application: object

Delete a Connect Application

/connect/applications/:id

Parameters

id: string

Returns

empty: empty

`OAuth Application`

`M2M Application`

`/connect/applications/:id`

`Parameters`

`Returns`

`/connect/applications`

`Parameters`

`Returns` `object`

`/connect/applications`

`Returns`

`/connect/applications/:id`

`Parameters`

`Returns`

`/connect/applications/:id`

`Parameters`

`Returns`